June

HUAWEI is releasing monthly security updates for flagship models. This security update includes Android and HUAWEI patches:

This security update includes the CVE announced in the June 2021 Android security bulletin.

Critical:CVE-2021-0516,CVE-2021-0507

High:CVE-2020-11292,CVE-2021-0504,CVE-2021-0508,CVE-2021-0509,CVE-2021-0510,CVE-2021-0511,CVE-2021-0506,CVE-2021-0517,CVE-2021-0520,CVE-2021-0521,CVE-2021-0522,CVE-2021-0523,CVE-2021-0505

Medium:none

Low: none

Already included in previous updates:CVE-2020-0009,CVE-2018-11985,CVE-2020-0478,CVE-2020-0473,CVE-2020-27054,CVE-2020-27046,CVE-2020-0298,CVE-2020-0299,CVE-2021-0446,CVE-2021-0487,CVE-2021-1906,CVE-2021-1905,CVE-2021-28663,CVE-2021-28664,CVE-2021-0493,CVE-2021-0494,CVE-2021-0495,CVE-2021-0496,CVE-2021-0497,CVE-2021-0498,CVE-2021-0491,CVE-2021-0490,CVE-2021-0489,CVE-2021-0492,CVE-2019-9358,CVE-2020-0359,CVE-2020-27059

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-22388: Out-of-bounds array access in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2020-24587: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22445: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22444: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause code injection.

CVE-2021-22443: Improper verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause random address access.

CVE-2021-22442: Improper verification of the integrity check result in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22438: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22435: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22434: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

Acknowledgment: Lorant Szabo, TASZK Security Labs

CVE-2021-22433: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs

CVE-2021-22432: Vulnerability when configuring permission isolation in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

Acknowledgment: Lorant Szabo, TASZK Security Labs

CVE-2021-22431: Vulnerability when configuring permission isolation in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs

CVE-2021-22430: Logic bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause code injection.

Acknowledgment: Lorant Szabo, TASZK Security Labs

CVE-2021-22429: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs

CVE-2021-22428: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22427: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22426: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs

CVE-2021-22415: DoS vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause kernel exceptions with the code.

CVE-2021-22414: Stack overflow vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22413: Out-of-bounds memory write vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22412: Out-of-bounds address access in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause random kernel address access.

CVE-2021-22392: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.

Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs

CVE-2021-22391: Stack overflow vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22390: UAF vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-22389: Kernel address rewrite vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-22446: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22387: Deserialization vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may allow attempts to remotely execute commands.

CVE-2021-22386: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22385: NFC-based connection authentication vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22384: Race condition vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22381: Bluetooth protocol stack vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause an infinite loop in DoS.

CVE-2021-22380: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

Acknowledgment: Mathy Vanhoef, New York University Abu Dhabi

CVE-2021-22379: Integer overflow vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause DoS of Samgr.

CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.

CVE-2021-22375: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.

CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22367: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22319: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause integer overflows.

CVE-2020-26558: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some HUAWEI phones/earphones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2020-26555: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some HUAWEI phones/earphones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2020-26147: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26146: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26145: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26144: Packet injection vulnerability due to the weaknesses found in the code in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26143: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26142: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26141: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26140: Packet injection vulnerability due to the weaknesses found in the code in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26139: Vulnerability of forwarding unverified packets in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-24588: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22447: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22448: Improper verification vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause unauthorized read and write of some files.

CVE-2020-24586: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue